Hello everyone!
First: this is not about how you could unlock your bootloader in a few steps! Especially for the LG G4, now that we have root.
This is a basic technical-knowledge question for developers experienced in this topic!
I wanted to know how one of the experienced devs would take his first steps toward an unlocked bootloader.
What knowledge is needed?
- Opening the device to get physical access to the flash memory?
- Connecting to a (probably hidden or physically disabled, by a burned fuse) JTAG port to dump the flash?
- Just dd the bootloader partition?
- Is the bootloader signed and/or compressed and/or encrypted?
- How would you proceed in that case (when the bootloader is encrypted)? Would you try to extract some secrets from the (probably present) high-security cryptographic co-processor chips with very expensive equipment? Or am I expecting way too much of the manufacturers?
- When the bootloader is a plain binary file: is it enough to throw it into the IDA Pro ARM disassembler, analyse where the kernel signature is validated and place some jump instructions there?
- Or would it just be enough to compare a T-Mobile bootloader binary (which seems to be factory unlocked) with a locked bootloader from other carriers and find out what the magic is (maybe just a bit flag)?
I expect this last step is the most difficult and complicated one? And probably the riskiest.
I'm interested in this because I'm currently studying computer science, but haven't gone that deep into the Android device world.
We mostly see the finished product of very skilled developers here, but I'm interested in how to start such a project. Where can you get the important information you need to know to make the bootloader load an unsigned kernel image, and so on...
So, what's the common thread to bring such a thing to success?
I can understand if these devs don't want to discuss this in public, because they fear that the manufacturers will use this knowledge as well to make their devices even harder to unlock. But maybe you can give me some hints.
Thank you!
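As an added example (my own illustrative code, not anything posted in this thread and not tooling for any real LG image): the two first-step questions from the list above, "is the dump signed/compressed/encrypted?" and "what differs between a factory-unlocked and a locked dump?", can be answered mechanically before any disassembly. The script builds two constructed dumps of its own (an ELF-like header, low-entropy code words, a hypothetical one-byte lock flag, and a signature-like blob), measures per-block Shannon entropy, scans for container magics, and diffs the two dumps to pinpoint the single byte that changed. Every offset, the flag byte and the sample bytes are assumptions made for the demonstration.

```python
"""Constructed triage helpers for two raw bootloader dumps (example code, not from the thread).

Answers two of the questions above on a sample image built in this file:
  - does a region look plain, compressed or encrypted?  (per-block Shannon entropy + known magics)
  - if an "unlocked" and a "locked" dump exist, where exactly do they differ?  (byte-range diff)
The images, offsets and the single "lock flag" byte are all made up for the demonstration.
"""
import hashlib
import math
from collections import Counter

# Container magics worth looking for in a dumped blob. Two-byte magics such as
# gzip's produce false positives in random data; confirm a hit by trying to decompress.
MAGICS = {
    b"\x7fELF": "ELF",
    b"\x1f\x8b": "gzip",
    b"\xfd7zXZ\x00": "xz",
    b"\x04\x22\x4d\x18": "lz4 frame",
    b"ANDROID!": "Android boot image",
}

BLOCK = 1024  # entropy granularity; smaller blocks bias the estimate downward


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for encrypted or well-compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_map(image: bytes, block: int = BLOCK):
    """List of (offset, entropy) for each block of the image."""
    return [(off, shannon_entropy(image[off:off + block])) for off in range(0, len(image), block)]


def classify(image: bytes, block: int = BLOCK, high: float = 7.0) -> str:
    """Rough verdict: plain code, an opaque blob, or plain code with embedded high-entropy regions
    (typically a signature or an encrypted payload appended to otherwise readable code)."""
    ents = [e for _, e in entropy_map(image, block)]
    ratio = sum(1 for e in ents if e > high) / len(ents)
    if ratio == 1.0:
        return "encrypted-or-compressed"
    if ratio == 0.0:
        return "plain"
    return "plain-with-high-entropy-regions"


def find_magics(image: bytes):
    """Sorted (offset, name) for every known magic found anywhere in the image."""
    hits = []
    for magic, name in MAGICS.items():
        pos = image.find(magic)
        while pos >= 0:
            hits.append((pos, name))
            pos = image.find(magic, pos + 1)
    return sorted(hits)


def diff_images(a: bytes, b: bytes):
    """Half-open byte ranges [start, end) where two same-sized dumps differ.
    A lock flag shows up as a one- or few-byte range; a different signature as a long one."""
    if len(a) != len(b):
        raise ValueError("images differ in size; compare dumps of the same partition/version")
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges


def _pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy bytes standing in for a signature/encrypted blob (constructed)."""
    out = bytearray()
    for i in range(0, n, 32):
        out += hashlib.sha256(i.to_bytes(4, "little")).digest()
    return bytes(out[:n])


def build_sample_images():
    """Constructed 'unlocked' and 'locked' dumps: ELF-ish header, low-entropy code words,
    a 1 KiB block holding a hypothetical lock-flag byte, then 2 KiB of signature-like bytes."""
    header = b"\x7fELF\x01\x01\x01" + b"\x00" * 9                            # 16 bytes
    code = b"".join(bytes([i & 0x0F, 0x10, 0x9F, 0xE5]) for i in range(764))  # 3056 bytes
    flag_block = b"\x00" + b"\xff" * (BLOCK - 1)                             # flag = 0x00 (unlocked)
    unlocked = header + code + flag_block + _pseudo_random(2 * BLOCK)
    locked = bytearray(unlocked)
    locked[len(header) + len(code)] = 0x01                                   # flip only the flag byte
    return unlocked, bytes(locked)


if __name__ == "__main__":
    unlocked, locked = build_sample_images()
    print("verdict:", classify(unlocked))
    print("magics:", find_magics(unlocked)[:3])
    for off, e in entropy_map(unlocked):
        print(f"  {off:#08x}  entropy={e:.2f}")
    print("differing ranges:", diff_images(unlocked, locked))
```

On a real dump you would feed `open(path, "rb").read()` of two partition images into `diff_images` and `entropy_map`; a wholly high-entropy image means there is nothing to disassemble until it is decrypted, while a short differing range between two otherwise identical carrier images is exactly the "maybe just a bit flag" case worth inspecting in the disassembler.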